From 631557e5371cbcfc0a54a6547a7baf7266005392 Mon Sep 17 00:00:00 2001
From: Peter Loer
Date: Fri, 27 Jun 2014 16:39:23 -0700
Subject: [PATCH] Changing ID check from PR #49 to not depend on idAttributes in SignedXml.
---
 lib/passport-saml/saml.js | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/lib/passport-saml/saml.js b/lib/passport-saml/saml.js
index e7108d5c..d6cb1df7 100644
--- a/lib/passport-saml/saml.js
+++ b/lib/passport-saml/saml.js
@@ -282,14 +282,13 @@ SAML.prototype.validateSignature = function (fullXml, currentNode, cert) {
 var refUri = sig.references[0].uri;
 var refId = (refUri[0] === '#') ? refUri.substring(1) : refUri;
 // If we can't find the reference at the top level, reject
- var idAttribute = sig.idAttributes.filter(function (attribute) {
- return currentNode.getAttribute(attribute) == refId;
- })[0];
- if (idAttribute === undefined)
+ var idAttribute = currentNode.getAttribute('ID') ? 'ID' : 'Id';
+ if (currentNode.getAttribute(idAttribute) != refId)
 return false;
 // If we find any extra referenced nodes, reject. (xml-crypto only verifies one digest, so
 // multiple candidate references is bad news)
- var totalReferencedNodes = xpath(currentNode.ownerDocument, "//*[@" + idAttribute + "='" + refId + "']");
+ var totalReferencedNodes = xpath(currentNode.ownerDocument,
+ "//*[@" + idAttribute + "='" + refId + "']");
 if (totalReferencedNodes.length > 1)
 return false;
 return sig.checkSignature(fullXml);
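Review bot: The duplicate-reference count in the new `xpath(...)` call only looks at the one attribute spelling picked for `currentNode`, so another element carrying the same value under `Id` (when the node uses `ID`) or under lowercase `id` is not counted. The removed code iterated `sig.idAttributes`, which suggests xml-crypto resolves references across several spellings; if so, the digest could be computed over a different element than the one checked here, which is the case the "multiple candidate references" guard is meant to reject. Consider counting across all spellings, e.g. `"//*[@ID='" + refId + "' or @Id='" + refId + "' or @id='" + refId + "']"`. Separately, `refId` comes from the signature's reference URI and is concatenated into the XPath string, so a guard such as `if (refId.indexOf("'") !== -1) return false;` before the query would keep a quote in the value from changing the expression. The body of validateSignature starts and ends outside the hunk.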